Configuring OpenID Connect Authorization Server
This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
This topic guides you through configuring the OpenID Connect Authorization Server by modifying the identity.xml file found in the <PRODUCT_HOME>/repository/conf/identity/ directory.
The <OpenIDConnect> element contains the sub-elements, which can be configured as explained below.
```xml
<OpenIDConnect>
    <IDTokenBuilder>org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder</IDTokenBuilder>
    <!-- Default value for IDTokenIssuerID, is OAuth2TokenEPUrl.
         If that doesn't satisfy uncomment the following config and explicitly configure the value -->
    <IDTokenIssuerID>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</IDTokenIssuerID>
    <IDTokenCustomClaimsCallBackHandler>org.wso2.carbon.identity.openidconnect.SAMLAssertionClaimsCallback</IDTokenCustomClaimsCallBackHandler>
    <IDTokenExpiration>3600</IDTokenExpiration>
    <UserInfoEndpointClaimRetriever>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoUserStoreClaimRetriever</UserInfoEndpointClaimRetriever>
    <UserInfoEndpointRequestValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInforRequestDefaultValidator</UserInfoEndpointRequestValidator>
    <UserInfoEndpointAccessTokenValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoISAccessTokenValidator</UserInfoEndpointAccessTokenValidator>
    <UserInfoEndpointResponseBuilder>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoJSONResponseBuilder</UserInfoEndpointResponseBuilder>
    <SkipUserConsent>false</SkipUserConsent>
</OpenIDConnect>
```
The following sub elements are the important configurations for configuring the OpenID Connect Authorization Server.
Element | Description |
---|---|
<IDTokenIssuerID> | The value of TokenIssuerID of the IDToken. This should be changed according to the deployment values. |
<IDTokenExpiration> | The expiration value of the IDToken in seconds. |
<IDTokenCustomClaimsCallBackHandler> | This can be used to return extra custom claims with the IDToken. You can implement a claims callback handler to push the custom claims to the IDToken. This class needs to implement the interface CustomClaimsCallbackHandler. You can find the default implementation here as a reference. |
<UserInfoEndpointClaimRetriever> | Defines the class which builds the claims for the User Info Endpoint's response. This class needs to implement the interface UserInfoClaimRetriever. The default implementation can be found here as a reference. |
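
An added example, not part of the WSO2 documentation or code: a Python check that reads the <OpenIDConnect> element and compares the resolved issuer and ID token lifetime with what the deployment expects. The `urn:example:constructed` namespace, the property values passed to `resolve`, the expected issuer URL and the 3600-second review limit are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: three settings from the page's block inside a made-up
# namespaced root, to show that lookup works regardless of nesting or namespace.
SAMPLE = """<Server xmlns="urn:example:constructed">
  <OpenIDConnect>
    <IDTokenIssuerID>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</IDTokenIssuerID>
    <IDTokenExpiration>3600</IDTokenExpiration>
    <SkipUserConsent>false</SkipUserConsent>
  </OpenIDConnect>
</Server>"""

def local_name(tag):
    """Strip the '{namespace}' prefix that ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def read_oidc_settings(xml_text):
    """Return the child elements of the first <OpenIDConnect> as a dict."""
    for el in ET.fromstring(xml_text).iter():
        if local_name(el.tag) == "OpenIDConnect":
            return {local_name(c.tag): (c.text or "").strip() for c in el}
    raise ValueError("no <OpenIDConnect> element found")

def resolve(value, props):
    """Substitute ${name} placeholders; unknown names are left in place."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)

def audit(settings, props, expected_issuer, max_lifetime=3600):
    """Hypothetical review policy: return a list of findings (empty = clean)."""
    findings = []
    issuer = resolve(settings.get("IDTokenIssuerID", ""), props)
    if not issuer:
        findings.append("IDTokenIssuerID not set: the OAuth2TokenEPUrl default applies")
    elif "${" in issuer:
        findings.append("issuer has unresolved placeholder: " + issuer)
    elif issuer != expected_issuer:
        findings.append("issuer %r differs from expected %r" % (issuer, expected_issuer))
    exp = settings.get("IDTokenExpiration", "")
    if not exp.isdigit() or int(exp) == 0:
        findings.append("IDTokenExpiration must be a positive number of seconds")
    elif int(exp) > max_lifetime:
        findings.append("IDTokenExpiration %s s exceeds review limit %d s" % (exp, max_lifetime))
    if settings.get("SkipUserConsent", "false").lower() == "true":
        findings.append("SkipUserConsent is true: confirm this is intended")
    return findings
```

Relying parties compare the `iss` claim of the ID token with the issuer they were configured with, so an issuer that still resolves to an internal host name shows up here before it shows up as failed logins.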